After four years of negotiations, the EU member state ministers agreed on their version of the text of the proposals for the ePrivacy Regulation (ePR). Proposed by the Commission in 2017, the draft regulation has been subject to long and difficult negotiations.

The ePR will lay down rules for the protection of privacy and personal data within the context of electronic communications services. It is being reviewed to bring it in line with the provisions of the GDPR. The intention of the regulators is that the ePR complements the GDPR and does not enact new data protection rules. The e-Privacy Regulation was to come into force on the same date as the GDPR (25 May 2018).

The compromise struck earlier this week by the Portuguese Presidency re-introduces the possibility of processing electronic communications metadata, as well as the use, processing and storage capabilities of users’ equipment. The compromise also suggests that the regulation should apply within 24 months from the date of its entry into force (rather than 12 months as originally proposed). The proposed text also permits cookie walls as long as users have a choice between a version behind a wall and an equivalent without it.

However, while it is overall a success that a compromise has been reached, there are many that fear the new draft does not go far enough to protect privacy. Germany and Austria abstained from the vote and the Germany’s Federal Data Protection Authority chief asked to raise the data privacy standards in the upcoming trilogue negotiations. Many privacy advocates and some MEPs have also expressed doubts as to the proposed compromise’s success in ensuring privacy of communications. 

The compromise reached by the Council has now paved the way for the start of the trilogue negotiations where the representatives of the Council, Parliament and Commission discuss the final text.

Council’s press release